SSH Log on Open Indiana

Hello,
I would like to have log of my SSH server on my OpenIndiana. Unfortunatly there is zero auth log in the log file (/var/log/* or /var/adm/*)
So i have edit my /etc/syslog.conf :
#Default 
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
# My add
*.info                                          /var/log/test.info
auth.*  /var/log/authlog.log

Open in new window

and here is my /etc/ssh/sshd_config
# Syslog facility and level
SyslogFacility auth
LogLevel info

Open in new window


I have then restarted the syslog daemon and my ssh server but still no log. No  /var/log/authlog.log and strangly /var/log/test.info , normally all bin sending INFO log should go into that file which is not yet created...I should miss something!
Thanks for help
numtechAsked:
Who is Participating?
 
Brian UtterbackConnect With a Mentor Principle Software EngineerCommented:
You have two problems here, possibly three.

One, as noted above, the file must exist, syslogd will not create it.
Two, "auth.*" is not valid. You can not use an asterisk for the priority, only for the facility. The priority is specified by name, and that name says to log all messages of that priority and higher. So, to log all message priorities, use "debug".
Third, you may not have this problem but it often trips people up.  You cannot use spaces between the entries in the syslog.conf file, only tabs will work. Check to see if you have tabs or spaces.
0
 
TomuniqueConnect With a Mentor Commented:
I can't speak for your OS.  On our system (different flavor of unix), the output file must exist before syslog will write to it.

Try
touch /var/log/test.info

then restart your syslog deamon.
0
 
numtechAuthor Commented:
It works!
First, i was using /lib/svc/method/system-log restart which actually dont restart anything! so using
svcadm restart svc:/system/system-log:default works better ;)
i have then remove the auth.* and replace it by auth.debug and created the file by touch.
Thanks again

0
 
numtechAuthor Commented:
Simple and clear.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.